<?php
// check if request is done via the same domain user that is actually using the script.
session_start();
if(isset($_GET["key"]) && isset($_SESSION['domainCheckKey']) && $_SESSION['domainCheckKey'] == $_GET["key"])	
{
	$fileName = "data/results.txt";
	
	$_POST["__submitTime"] = date('Y-m-d H:i:s');
	$_POST["__clientIp"] = $_SERVER['REMOTE_ADDR'];
	
	
	$newEntry =json_encode($_POST) ;
	
	file_put_contents($fileName, $newEntry."\n", FILE_APPEND | LOCK_EX);
	
	// only one submition per client	
	unset($_SESSION['domainCheckKey']);

	echo "Submition succesfull. Thank you.";
}
else
{
header('HTTP/1.1 401 Unauthorized', true, 401);

// if you're running php 5.4 and up, use this instead:
//	http_response_code(401); 
}
?>